“Outsmarted: Captcha security not much of a gotcha”


I’m sure you have all been to a website to register and reached the spot where they make sure you’re human by having you type the string of text into the box, right? This step is not there to see if you can read obnoxiously small numbers against a background that disguises the letters; it is there to minimize the accounts created by bots. It has now been brought to our attention that, as of today, this filter to stop bots might no longer be effective, as researchers have found a way to get past it.

A team of Stanford University researchers was able to create a program that can read these annoying distorted letters. The algorithm, Decaptcha, works by detecting shapes and removing “noise” or distractions from letters. This allows their bots to sign up on many websites such as Blizzard, eBay, and Visa (Figure 1). This algorithm can be dangerous because, if given to the wrong people, it can defeat the purpose of these Captcha programs.

Decaptcha success rates

As you can see in the diagram, only Google was able to completely stop Decaptcha from creating accounts.

Although Stanford says they will keep Decaptcha to themselves, they will allow companies to use it to test their Captchas. They say, “Our goal is to make the Web a better place, not to harm users.”

Now that people are aware that these Captcha programs can be manipulated, it will raise talk about what else websites can do to protect their users, as I am sure many other people are going to try to create their own algorithms to bypass these Captchas. Now do you wish those strings of letters were easier to read? I know I don’t.

8 thoughts on ““Outsmarted: Captcha security not much of a gotcha”

  1. I agree those CAPTCHA boxes are obnoxious and annoying. But they are a necessary evil in websites’ efforts to reduce spamming. Until they come out with a better implementation of the Turing Test, we’re stuck squinting at the screen trying to figure out what the heck the picture says.

  2. That’s an interesting article.. I figured some day CAPTCHAs would be cracked, it’s good that Stanford University is keeping it to themselves rather than making their algorithm public.

  3. The moment I pressed the submit button and went to the blog I saw your blog post which is about the same topic I touched upon. What do you think would be the next solution if captcha would be considered doomed?

    • Well sometimes I see website forms ask me to do a math problem (4+4 = ?) and I also see sites use a riddle to make sure I am human.. Other than that I am not sure about other alternatives. Did you have any in mind?

      • Those math problems are never going to be picked up by everyone. That should be really easy for a computer to figure out. The riddles on the other hand are harder. reCAPTCHA which was bought by Google a year or so ago is still uncracked. I have also seen CAPTCHA type things where they ask you to pick an image from a list, like take the banana and put it over there.

  4. These CAPTCHA boxes are extremely necessary for website protection because they can easily prevent some type of attack or injections. I’m sure some internet guru can figure out a way to prevent these injections with a more secure type of CAPTCHA.

  5. CAPTCHA images have certainly annoyed me for years, but I can still appreciate the added security they implement. I’m sure most people couldn’t create an algorithm to crack a CAPTCHA image. I’d be more worried about the Decaptcha algorithm leaking, especially since they are allowing companies to use it.

  6. This happening was inevitable. I’m sure that companies could obfuscate the words to an even greater degree to guard against computers; however, we have to be able to read it at the same time. I can’t speak for anybody else but sometimes I can’t decipher the text in the images. In any case something new will be created to replace the CAPTCHA system once it has been rendered obsolete.

